This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NET. Messenger update email.

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I recieved ten emails in one go entitled "NET. Messenger update."

This is strange.I checked one of them and it said make sure you update messenger if you dont have the latest version.It went on about how Microsoft care for your security and so you should follow our guidelines.

The addresses it gave to download the stuff were written down but they weren't clickable links.

This email wasn't from Microsoft I'm sure so I'm asking you guys what do you think.

I haven't checked the URL's because there may be a virus there or something.

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

The first link I posted gives you an explanation for the reson you recieved multiple emails. I got the mail so thought I'd check it out. The link is legit and your safe. Do you have any antivirus if so update it then go to the link.

W32/Dumaru-A is a virus that spreads using email and infects other executable using NTFS Alternate Data Stream.

The virus arrives in an email message with the following characteristics:
Sender: "Microsoft" &lt;[email protected]&gt;
Subject line: Use this patch immediately !
Message text: Dear friend, use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attached file: patch.exe

When the attachment is run W32/Dumaru-A copies itself into the Windows folder as dllreg.exe and into the Windows system folder as load32.exe and vxdmgr32.exe.

W32/Dumaru-A drops and runs &lt;Windows&gt;\windrv.exe. Windrv.exe is a backdoor Trojan detected by Sophos Anti-Virus as Troj/Narod-B.

The virus creates the registry value load32 of the registry key

\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the virus file &lt;Windows system&gt;\load32.exe is run on Windows startup.

W32/Dumaru-A also changes system files system.ini and win.ini. The shell entry of the boot section in System.ini is changed so that it contains the reference to the virus file vxdmgr32 in the Windows systrem folder.

The virus creates a run entry in the windows section of win.ini to reference the virus file dllreg.exe in the Windows folder.

W32/Dumaru-A has its own SMTP engine and attempts to collect email addresses by searching the content of files with the extensions WAB, HTM, HTML, DBX, ABD and TBB.

On systems with NTFS the virus attempts to infect all PE executable files by replacing the original file with a copy of itself and saving the original file in an alternate data stream STR.

CertForums.com is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, CCSI™; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. All other trademarks, including those of Microsoft, CompTIA, VMware, Juniper ISC(2), and CWNP are trademarks of their respective owners.